Quick Start Security for GCP Cloud Storage
Thank you!
We got your information.
Coralogix Extension For GCP Cloud Storage Includes:
Alerts - 1
Stay on top of GCP Cloud Storage key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Multiple Buckets Deleted By a User
This alert gets triggered when multiple buckets are deleted in a short period by a single user. Note - In this alert, the threshold is set to more than 5 buckets deleted within 15 minutes timeframe. Impact A potential threat actor might intentionally erase a storage bucket to disrupt the business operations of their target. The impact would be - data loss, operation interruption, database downtime, etc. Mitigation System or network administrators can delete storage buckets. Confirm whether the user email, resource name, and/or hostname align with authorized entities for making changes in your environment. For critical data buckets, it is recommended to take the daily data backup. MITRE Tactic: TA0040 MITRE Technique: T1485
Integration
Learn more about Coralogix's out-of-the-box integration with GCP Cloud Storage in our documentation.